DETAILED ACTION

Claims 1, 3-8, 10-15, and 17-21 are pending for examination. 

Claims 2, 9, and 16 are cancelled. 

Claims 1, 3-8, 10-15, and 17-21 are rejected.

Response to Arguments 

1. Applicant's arguments with respect to claims 1, 8, and 15 have been considered
but are moot in view of the new ground(s) of rejection.

Claim Rejections - 35 USC § 103 

2. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

3. Claims rejected under 35 U.S.C. 103(a) as being unpatentable over US 6 961
783, Cook et al as applied to claims 1, 8, and 15 above, and further in view of US
2003/0172145, Nguyen.

4. As per claims 1, 8, and 15, Cook teaches a name/address translation device,
method, and computer-readable medium recording a program (abstract) comprising: 

a unit to receive a query about an IP (internet protocol) address corresponding to 
a name of a communication destination from a communication source (column 6, line 61 
to column 7, line 7, where the device has multiple network interfaces); 

an identifying unit to identify that the communication source of the query
belongs to either the private IP address network or the global IP address network based
on a source IP address of the query, and to identify that a communication destination
belongs to either the private IP address network or the global IP address network based
on the name of the communication destination included in the query (column 6, line 61
to column 7, line 7, where the device has multiple network interfaces, where the inside 
interface may be connected to a private network, while the outside interface is 
connected to a public network such as the Internet. In addition, each interface is fitted 
appropriately for communication with media, logic, and memory to communicate with 
the various media types. This logic and difference between internal and external private 
and public networks allows the device to distinguish between the network types of the 
source and destination by which interfaces the communications are associated with); 

a judging unit to judge a combination of network types to which the 
communication source and the communication destination respectively belong, based 
on results of identification by the identifying unit (column 5, lines 23-34, where the 
system access list may require device verification in order to respond with the requested 
address. This verification serves to judge whether the requesting device is allowed 
access to the destination address), and 

a searching unit to search for the private IP address corresponding to the name 
of the communication destination by using the database if both of the communication 
source and the communication destination belong to the private IP address network, to 
search for the global IP address corresponding to the name of the communication 
destination by using the database if both of the communication source and the 
communication destination belong to the global IP address network (column 5, lines 1-10,
where the DNS server resolves the IP address of the requested domain name for a
client requesting an Internet IP address. This, along with column 6, line 61 to column 7,
line 7, where the device has multiple network interfaces, where the inside interface may
be connected to a private network, while the outside interface is connected to a public 
network such as the Internet, shows that the client on a private address may request the 
public IP address of a domain name from the domain name server); and 

a sending unit to send the communication source the global IP address or the 
private IP address as a response to the query if the global IP address or the private IP 
address is obtained by the searching unit when the judging unit judges that it is 
allowable to give the response (column 5, lines 1-10, where the DNS server resolves 
the domain name into an IP address and forwards it to the requesting client, along with 
Figure 3, also column 7, lines 20-22, where the address is not returned if the source is 
not allowed to access the destination). 

Cook does not expressly teach rejecting the query when it comes from a global network 
for a private network. Nguyen teaches a system for providing internet service 
comprising: 

a first database used for searching for a private IP address corresponding to the 
name of the communication destination (paragraph 532, where the DNS may be a split 
DNS between internal and external domains); 

a second database used for searching for a global IP address corresponding to 
the name of the communication destination (paragraph 532, where the DNS may be a 
split DNS between internal and external domains); 

a judging unit to judge a combination of network types to which the 
communication source and the communication destination respectively belong, based 
on results of identification (paragraph 532, where the DNS may be a split DNS between
internal and external domains); 

a sending unit sending a response to a query when the searching unit searches 
for a query, and to reject the query when the identifying information identifies that the 
communication source belongs to a global network and the communication destination 
belongs to a private network (paragraph 532, where the split DNS prevents internal host 
names and addresses from being revealed over the internet).

It would have been obvious to one of ordinary skill in the art at the time of the invention
to utilize a split DNS such as taught by Nguyen in a DNS system such as taught by 
Cook. Cook's system provides access control lists such that a DNS query may be 
rejected based on access rights. Nguyen's system splits the DNS response units such 
that external and internal addresses are preserved within their domains. Splitting 
domains such as taught by Nguyen would prove beneficial in that private addresses 
would not be sent over the global network, adding security (Nguyen, paragraph 532). 
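
An illustration of the split-DNS decision discussed above, added here as an example and not taken from Cook, Nguyen, or the application: the resolver classifies the source by address and the destination by name, then answers from the matching database or refuses. The zone data, the use of RFC 1918 ranges, and the response codes are assumptions of this sketch, and the permitted-application check of claims 3, 10, and 17 is not modeled.

```python
import ipaddress

# Assumption: RFC 1918 ranges stand in for the "private IP address network".
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data: two separate databases, as in a split DNS.
PRIVATE_DB = {"files.corp.example": "10.1.2.3"}
GLOBAL_DB = {"www.example.com": "203.0.113.10"}


def source_network(src_ip):
    """Identify the querier's network type from the query's source address."""
    addr = ipaddress.ip_address(src_ip)
    return "private" if any(addr in n for n in PRIVATE_NETS) else "global"


def destination_network(name):
    """Identify the destination's network type from the queried name."""
    key = name.rstrip(".").lower()
    if key in PRIVATE_DB:
        return "private"
    if key in GLOBAL_DB:
        return "global"
    return None  # name is in neither database


def resolve(src_ip, name):
    """Judge the (source, destination) combination and answer or reject."""
    src, dst = source_network(src_ip), destination_network(name)
    if src == "global" and dst != "global":
        # Global source asking about a private name: reject. Unknown names
        # get the same answer, so an outside querier cannot tell which
        # internal names exist (a design choice of this sketch).
        return ("REFUSED", None)
    if dst is None:
        return ("NXDOMAIN", None)
    db = PRIVATE_DB if dst == "private" else GLOBAL_DB
    return ("NOERROR", db[name.rstrip(".").lower()])
```
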

5. As per claims 3, 10, and 17, Cook further teaches the sending unit invalidates
sending the response, if there is no application of which a use is permitted in a 
communication between the communication source and the communication destination 
when the identifying unit identifies that the communication source belongs to the private 
network and the communication destination belongs to the global network (column 7, 
lines 20-22, where the address is not returned if the source is not allowed to access the 
destination).

6. Claims 4-7, 11-14, and 18-21 are rejected under 35 U.S.C. 103(a) as being
unpatentable over US 6 961 783, Cook et al and US 2003/0172145, Nguyen as applied 
to claims 2, 9, and 16 above, and further in view of US 7 093 288, Hydrie et al 
(previously cited). 

7. As per claims 4, 11, and 18, neither Cook nor Nguyen expressly teaches a system
with firewall or packet filtering in conjunction with the DNS service. Hydrie teaches a 
system of network communication containing a packet filtering system and method 
comprising: 

a notifying unit configured to notify, when a response containing a second 
terminal corresponding to the communication destination belonging to the second 
network is given to a first terminal corresponding to the communication source 
belonging to the first network, a routing device of passage information for letting a data 
pass through that are forwarded between the first terminal and the second terminal, the 
routing device receiving the data forwarded between the first network and the second 
network and letting only the data with its passage permitted pass through, and effecting 
an address translation between the first network and the second network (column 4, 
lines 25-40, where the filters are accessed by the controller, and thus the controller 
becomes aware of the passage rules, and either allows or denies communication 
between devices). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a method of packet filtering such as that taught by Hydrie in the system of 
Cook. Packet filtering allows a user to determine whether communication should be 
allowed between devices based on a desired rule set (Hydrie, abstract). This would
have been beneficial in Cook's system, as it would have provided an additional layer of 
protection to deny communication between devices, which is not allowed by the access 
list. 

8. As per claims 5, 12, and 19, Hydrie further teaches 

wherein the notifying unit notifies the routing device of passage information 
containing a first network address used in the first network that is virtually assigned to 
the second terminal and a second network address that the second terminal uses on 
the second network, so that the routing device translates, when a data transmitted from 
the second terminal passes through, the second network address a source address 
included in the data into the first network address (column 4, lines 42-50 show the 
virtualization data, which includes a map of the virtual devices. This map contains
information on the communication source and destination, and also contains translation 
information for translating the virtual addresses to real addresses), and 

wherein the sending unit sends a response containing the first network address 
so that the first terminal adds the first network address as a destination address to a 
data addressed to the second terminal to transmit the data addressed to the second 
terminal, and that the routing device translates, when the data addressed to the second
terminal passes through, the destination address into the second network address (column 4,
lines 60-64 show that the network mediator uses the mapped addresses contained in
the virtualization data to convert the addresses and forwards the communication).

9. As per claims 6, 13, and 20, Hydrie further teaches the notifying unit notifies the
routing device of the passage information further containing information about an 
application of which the utilization is permitted in the communication between the first 
terminal and the second terminal in order for the routing device to let only the data pass 
through which is based on the application of which the utilization is permitted between 
the first terminal and the second terminal (Hydrie teaches this limitation. Column 6, lines 
40-50 show an example of the system working with multiple filters, where one filter 
restricts the communication between two devices to a particular protocol). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a method of packet filtering such as that taught by Hydrie in the system of 
Cook. Packet filtering allows a user to determine whether communication should be 
allowed between devices based on a desired rule set (Hydrie, abstract). This would 
have been beneficial in Cook's system, as it would have provided an additional layer of 
protection to deny communication between devices, which is not allowed by the access 
list. In particular, restricting access to a particular protocol would provide further 
security, as even with a connection, a device would not have full control over another 
device. 

10. As per claims 7, 14, and 21, Hydrie further teaches wherein the notifying unit
notifies, before the sending unit sends the address of the second terminal, the routing 
device of the passage information (Hydrie teaches this limitation. Column 4, lines 25-40 
show that the passage information is maintained in the filter list, thus providing a stable 
source of the passage information which can be accessed at any time).

It would have been obvious to one of ordinary skill in the art at the time of the invention
to include a method of packet filtering such as that taught by Hydrie in the system of
Cook. Packet filtering allows a user to determine whether communication should be
allowed between devices based on a desired rule set (Hydrie, abstract). This would
have been beneficial in Cook's system, as it would have provided an additional layer of
protection to deny communication between devices, which is not allowed by the access 
list. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to THOMAS RICHARDSON whose telephone number is 
(571) 270-1191. The examiner can normally be reached on Monday through Thursday,
8am-5pm EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, William Vaughn can be reached on (571) 272-3922. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Primary Examiner, Art Unit 2444



